<?php
require_once 'Encode.php';
require_once 'userModel.php';
require_once 'DBConnector.php';
require_once 'view.php';
session_start();

$_func=e($_REQUEST['request']);
if (!isset($_func)){
	showIndex();
}else{
	$_func();
}

function showIndex(){
	if(isset($_SESSION['userId'])){
		$view = new View();
		$view->render("index.php");
	} else {
		logOut();
	}
}

function logIn() {
	$_userId = $_POST['userId'];
	$_password = $_POST['password'];
	$userModel = new UserModel();
	$userId = UserModel::USER_ID;
	$userName = UserModel::USER_NAME;
	$userProfile = UserModel::USER_PROFILE;
	$userPrivilege = UserModel::USER_PRIVILEGE;
	$userPassword = UserModel::USER_PASSWORD;

	$sth = DBConnector::getDB()
			->prepare(
					"select {$userId},{$userName},{$userPrivilege} from tUser
		where {$userId}='{$_userId}' and {$userPassword}=password('{$_password}')");

	$result = $userModel->select($sth);
	if ($result[0] == NULL) {
		logOut();
	} else {
		$_SESSION['userId'] = $result[0][$userId];
		$_SESSION['userName'] = $result[0][$userName];
		$_SESSION['userPrivilege'] = $result[0][$userPrivilege];

		$view = new View($result);
		$view->render("index.php");
	}
}

function logOut() {
	DBConnector::disconnectDB();
	$_SESSION['userId'] = '';
	$_SESSION['userName'] = '';
	$_SESSION['userPrivilege'] = '';
	session_destroy();
	header("Location: ../login.php");

}

function selectProfile($_userIndex){
	$userModel = new UserModel();
	$db = DBConnector::getDB();
	if($_userIndex==NULL){
		$sth = $db->prepare("select * from tUser");
	} else {
		$sth = $db->prepare("select * from tUser where userId='{$_userIndex}'");
	}
	return $userModel->select($sth);
}

function updateProfile() {
	$_userId = e($_REQUEST['userId']);//$_SESSION['userId'];
	$_userName = e($_REQUEST['userName']);
	$_userMotto = e($_REQUEST["userMotto"]);
	$_userHome = e($_REQUEST["userHome"]);
	$_userWorkPlace = e($_REQUEST["userWorkPlace"]);
	$_userAge = e($_REQUEST["userAge"]);
	$_userSex = e($_REQUEST["userSex"]);
	$_userHobby = e($_REQUEST["userHobby"]);
	$_userComment = e($_REQUEST["userComment"]);

	$sth = DBConnector::getDB()
			->prepare(
					"Update tUser SET userName=?, userMotto=?, userHome=?, userWorkPlace=?, userAge=?,
			userSex=?, userHobby=?, userComment=?  WHERE userId=?");
	$sth->bindParam(1, $_userName);
	$sth->bindParam(2, $_userMotto);
	$sth->bindParam(3, $_userHome);
	$sth->bindParam(4, $_userWorkPlace);
	$sth->bindParam(5, $_userAge);
	$sth->bindParam(6, $_userSex);
	$sth->bindParam(7, $_userHobby);
	$sth->bindParam(8, $_userComment);
	$sth->bindParam(9, $_userId);
	$result=$sth->execute();
	if($result) $_SESSION['userName'] = $_userName;
	showProfile();
}

function showProfile() {
	$_userId = $_SESSION['userId'];
	if (isset($_userId)) {
		if (isset($_REQUEST['userId'])) {
			$_userId = e($_REQUEST['userId']);
		}
		$sth = DBConnector::getDB()
		->prepare("select userId, userName, userMotto, userHome, userWorkPlace, userAge, userSex,
				userBirth, userHobby, userComment, PPath
				from tUser where userId ='{$_userId}'");
		$userModel = new UserModel();
		$result = $userModel->select($sth);

		//追加
		//$result['CIndex'] = $_REQUEST['CIndex'];

		$result['CIndex'] = e($_REQUEST['CIndex']);

		$view = new View($result);
		$view->render("profileTop.php");
	} else {
		logOut();
	}
}

function showProfileList() {
	$sth = DBConnector::getDB()
	->prepare("select userId, userName, userMotto, userHome, userWorkPlace, userAge, userSex,
			userBirth, userHobby, userComment, userPrivilege from tUser");
	$userModel = new UserModel();
	$result = $userModel->select($sth);
	$view = new View($result);
	$view->render("profileList.php");
}

function showProfileEdit() {
	//$result=selectProfile($_SESSION['userId']);
	//var_dump($_REQUEST);
	$result=selectProfile($_REQUEST['userId']);
	$view = new View($result);
	$view->render("profileEdit.php");
}

function addUser(){
	$view = new View();
	$view->render("addUser.php");
}

function updateUserPassword() {
	if ($_SESSION['userPrivilege'] == 0) {
		$_password = e($_REQUEST["userPassword"]);
		$_userId = e($_REQUEST['userId']);
		$sth = DBConnector::getDB()
				->prepare(
						"Update tUser SET userPassword=password(?)
			 WHERE userId=?");
		$sth->bindParam(1, $_password);
		$sth->bindParam(2, $_userId);
		return $sth->execute();
	}
}

function deleteUser() {
	if ($_SESSION['userPrivilege'] == 0 and $_SESSION['token'] == e($_REQUEST['token'])) {
		if ($_SESSION['userId']==e($_REQUEST['userId'])) {
			$_REQUEST['userId'] = NULL;
			$_REQUEST['token'] = NULL;
			showProfileList();
			return;
		}
		$_userId = e($_REQUEST['userId']);
		$userModel = new UserModel();
		$userModel->delete($_userId);
		$_REQUEST['userId'] = NULL;
		$_REQUEST['token'] = NULL;
		showProfileList();
	}
}

function insertUser() {
	if ($_SESSION['userPrivilege'] == 0) {
		$_userId = e($_REQUEST['userId']);
		$_userPassword = e($_REQUEST["userPassword"]);
		$_userName = e($_REQUEST["userName"]);
		$userModel = new userModel();
		$userModel->insert($_userId, $_userPassword, $_userName);
		showProfile();
	}
}
